— System WPARs look like independent AIX 6.1 instances. They have their own copies of many system services like init and mail, they can be logged into via telnet, and they have their own users and groups.
— Application WPARs are much simpler; an Application WPAR is simply a wrapper around an application that makes it more manageable. Application WPARs run inside of the global instance and do not have their own administrator, filesystems or security context. All processes running inside of an Application WPAR can be grouped together for management, including resource controls. Because Application WPARs are not running their own copies of system processes like init, they have an even smaller resource footprint than System WPARs.

on a single AIX 6.1 instance using SMIT and command line interfaces. IBM also provides a new licensed program product, the IBM PowerVM Workload Partitions Manager™ for AIX (WPAR Manager) that lets you manage WPARs across multiple systems. The WPAR Manager product is available separately; it is not part of AIX 6.1.

● Live Application Mobility
Workload Partitions can be moved from one system to another without restarting the application or causing significant disruption to the application end user. This process is called PowerVM Live Application Mobility, a feature of AIX 6.1 and the Workload Partitions Manager for AIX (WPAR Manager). During the relocation process, the WPAR Manager first creates a checkpoint of the Workload Partition, then the memory and other WPAR configuration information is moved to the target system, and finally, the WPAR is resumed on the new system—right where it left off. Applications do not

The WPAR Manager will also typically be used to control the relocation, but command line interfaces can also be used.

PowerVM Live Application Mobility can provide several benefits: first, it allows some outages to be avoided by moving the application off of a system that needs to be shut down for maintenance; second, it can be used to balance workloads across several systems—automatically or manually; and finally, it can be used to move workloads off servers during non-peak periods so that those servers could be turned off—saving energy.

PowerVM Live Application Mobility is a feature of AIX 6.1 and the WPAR Manager and can be used on any hardware supported by AIX 6.1.

Security features
Providing for a secure computing environment has always been a key goal for the AIX OS. AIX 6.1 is designed to be compliant under the Common Criteria at Common Access Protection Profile/Evaluation Assurance Level 4+, including the Role Based Access Control Protection Profile (RBACPP) and the Labeled Security Protection Profile (LSPP). It includes many new features that can increase security while reducing the effort needed to provide a secure infrastructure:

● Role Based Access Control
Role Based Access Control (RBAC) provides improved security and manageability by allowing administrators to grant authorization for management of specific AIX 6.1 resources to users other than root. RBAC can also be used to associate specific management privileges with programs, which can reduce the need to run those programs under the root user or via setuid. RBAC improves security by reducing the number of root users required to manage systems. It can reduce administrative costs and improve administrative efficiency by allowing secure delegation of routine administrative tasks to non-root users.

● Trusted AIX
Trusted AIX extends the security capabilities of the AIX OS by integrating compartmentalized, multilevel security (MLS) into the base operating system to meet critical government and private industry security requirements. Trusted AIX is implemented as an installation option that can provide the highest levels of label-based security to meet critical government and private industry security requirements. Trusted AIX supports various MLS features such as partitioned directories, trusted networking and labeled printing.

● Encrypting Filesystem
The IBM Enhanced Journaled Filesystem Extended (JFS2) adds even greater data security with the capability to encrypt the data in a filesystem. Clients can select from a number of different encryption algorithms. The encrypted data can even be backed up in encrypted format, reducing the risk of data being compromised if backup media is lost or stolen. The Encrypting Filesystem can even help prevent the compromise of data by root level users. The Encrypting Filesystem does not require significant additional administrative effort because the key management is automatic and fully integrated into the login authentication process.

● AIX Security Expert
The AIX Security Expert was introduced with Technology Level 5 update to the AIX 5.3 OS, and provides clients with the capability to manage more than 300 system security settings from a single interface. To configure security on a system, you start with a template that provides the initial configuration and then customize to fit security requirements. The Security Expert provides four templates: high, medium or low security or a Sarbanes Oxley template designed to help you become compliant with the security requirements of the Sarbanes Oxley Act. Once the Security Expert has been used to configure security on a system, you can export those security settings and use them to set other systems identically. With AIX 6.1, you can even store these security configurations directly in a Lightweight Directory Access Protocol (LDAP) directory—simplifying implementation of consistent security across an entire enterprise.

● Secure by Default Installation Option
The AIX 6.1 installation process will offer a new option, Secure by Default, that enables only the minimal number of system and network services to provide the maximum amount of security. Secure by Default works best when used in conjunction with the AIX Security Expert to tightly control the security configuration of each system.

● Trusted Execution
In Trusted Execution mode, AIX 6.1 will verify the integrity of programs at execution time. This can increase security by reducing the possibility that tampered programs could be used to compromise the security of the system. A signature (SHA256/RSA) database for important system files is created automatically as part of the regular AIX 6.1 install. The Trusted Execution tool can be used to check the integrity of the system against the database. Also, the administrator can define policies such that the loads of files listed in the database are monitored and execution/loads are not allowed if hashes do not match. Additionally, the administrator can lock the signature database or the files in the database from being modified by anyone in the system, including root.

● Support for Long Pass Phrases
AIX 6.1 and AIX 5.3 Technology Level 7 will support greater than eight character passwords for authentication of users. These releases will provide for storing of passwords using encryption algorithms such as SHA/256/512, MD5 etc. System-wide controls can be configured by the administrator to choose the algorithm as well as the size of the password which could be up to 255 characters. Enhanced support will also include support for pass phrases.

In addition to these new features, AIX 6.1 provides a wide range of other integrated security features—all designed to provide a high level of confidence in the safety of mission-critical processes and applications.

Near-continuous availability features
Over the years, the AIX OS has included many reliability features inspired by IBM legacy technologies. The release of AIX 6.1 introduces even unprecedented availability features to the UNIX market that can help reduce planned and unplanned outages. These features include:

● Concurrent AIX Kernel Updates
Concurrent AIX updates provides a new capability to deliver some kernel updates as interim fixes that will not require a system reboot to put into effect. This can reduce the number of unplanned outages required to maintain a secure, reliable system.

● Kernel Support for POWER6 Storage Keys
This AIX 6.1 feature brings a mainframe-inspired reliability capability to the UNIX market for the first time. Enabled by the POWER6 processor, Storage Keys can reduce the number of intermittent outages associated with undetected memory overlays inside the AIX kernel and kernel extensions. Applications can also use the POWER6 Storage Keys feature to increase the reliability of large, complex applications running under the AIX 5.3 or AIX 6.1 releases.

● Dynamic Tracing
AIX 6.1 provides a new dynamic tracing capability that can simplify debugging complex system or application code. This dynamic tracing facility will be introduced through a new tracing command, probevue, which allows a developer or system administrator to dynamically place probes in existing application or kernel code, without requiring special source code or recompilation. probevue is very flexible, allowing dynamic specification of the data to be captured at probe points and providing the ability to associate execution pre-conditions with a given probe.

● Non-intrusive Service Aids
AIX 6.1 service aids are designed to minimally impact performance and availability. Second Failure Data Capture (SFDC) tech- diagnostic and data capture features into the operating system, but only enabling them after problem diagnosis has started. The result is faster, less-disruptive problem determination, without the need to install special “debug” code. AIX 6.1 also introduces a mainframe-inspired live dump facility which allows selected subsystems to dump their diagnostic information for subsequent service analysis, without requiring a full system dump and partition outage. For those problems that still require a partition restart in order to recover, AIX 6.1 provides a firmware-assisted dump mode on systems based on POWER6 processor technology. In this new mode, AIX 6.1 cooperates with system firmware to write the First Failure Data Capture (FFDC) information to the dump device using the restarted AIX 6.1 image, rather than writing to the dump device at the time of the failure. The result is fewer dump failures which can enable quicker problem determination and resolution.

● Enhanced Software FFDC
IBM has included many availability features in the AIX 5.3 and earlier releases. One of the key innovations used to improve the reliability, availability and serviceability features of the AIX OS was the introduction of FFDC technology. As a concept borrowed from IBM hardware reliability features, FFDC gathers diagnostic information about a problem at the time the problem occurs–dramatically reducing the need to recreate the problem (and impact performance and availability) at a later time to generate diagnostic information. Because clients do not typically interact with this technology, it is one of the “hidden innovations” that is largely unseen but is designed to help increase the overall reliability, serviceability and most important, availability of the AIX OS. AIX 6.1 builds on the FFDC capabilities introduced in previous AIX releases by introducing even more instrumentation to provide real time diagnostic information.

When many operating systems other than IBM z/OS® encounter a severe problem inside the heart of the OS, they crash. AIX 6.1 is the first UNIX OS to introduce new technology that can, in some cases, recover from errors that would otherwise cause the operating system to crash. This is just another example of a feature inspired by IBM’s legacy technology and designed to improve the reliability of AIX, our premier UNIX OS.

Manageability features
Many of the features already described such as Workload Partitions, Live Application Mobility, Role Based Access Control, AIX Security Expert, and AIX Concurrent Updates can significantly improve the administrative efficiency of managing the AIX OS, particularly as AIX environments grow. AIX 6.1 also includes additional features specifically intended to improve the manageability of the AIX OS:

● Automatic Variable Page Size for POWER6
AIX 6.1 will automatically manage the size of pages used when it is running on a

the same information. Use of this facility can dramatically improve the performance of applications that are dependent on repeated requests for name resolution.

Feature ● Benefits

Virtualization
PowerVM Live Application Mobility ● Increased application availability, enhanced workload manageability and energy savings
PowerVM Live Partition Mobility ● Increased application availability, enhanced workload manageability and energy savings * **
Multiple Shared Processor Pools ● Greater resource management flexibility and reduced application software expense * **

Security
Trusted AIX ● Highest level of security for critical government and business workloads
AIX Security Expert ● Improved security, decreased administration costs by enabling federated management of security across multiple AIX systems

Near-continuous Availability
Concurrent AIX Updates ● Greater system availability, improved security by enabling critical security patches to be installed without causing an outage
Enhanced First Failure Data Capture ● Increased AIX reliability and quicker problem resolution
Non-intrusive Service Aids ● Increased AIX reliability and quicker problem resolution
Functional Recovery Routines ● Increased AIX and application reliability and availability

Manageability
PowerVM Workload Partitions ● Reduced administrative expense by reducing the number of AIX operating systems to maintain. Greater flexibility to deploy and manage workloads
PowerVM Live Application Mobility ● Improved flexibility to improve application availability and performance and to reduce energy costs
PowerVM Workload Partitions Manager ● Reduced management costs by providing federated management of workload partitions across the enterprise
PowerVM Live Partition Mobility ● Improved flexibility to improve application availability and performance and to reduce energy costs * **
IBM System Director Console for AIX ● Reduced administrative costs and improved administrative effectiveness by enabling Web-based administration across multiple AIX instances
Automatic Variable Page Size ● Improved performance with reduced administrative effort

POD03007-USEN-00